Staff Security Engineer, Product Security

Requirements:

• 5+ years of relevant hands-on experience in product and application security.
• 5+ years of experience and proficiency in secure coding practices, application security testing (SAST, DAST), threat modeling, and vulnerability assessment.
• Experience in one or more languages like Python, Go, Java, or JavaScript, required for automation and code review.
• Familiarity with security tools like Burp Suite, Nessus, and tools for CI/CD automation.
• Strong communication, collaboration, and problem-solving skills, with the ability to influence and guide cross-functional teams.
• Formal credentials are great, but real-world experience, curiosity, passion, and a builder’s mindset matter more.

What You'll Be Doing:

• Safeguard millions of users by embedding security into Firefox, Mozilla VPN, and other mission-critical products.
• Ensure software products are secure by embedding security into the full Software Development Life Cycle (SDLC).
• Anticipate, prioritize, and mitigate risks through proactive threat modeling, security assessments, security testing, and automation.
• Perform security code reviews.
• Lead penetration testing on web, mobile, and embedded applications, then guide remediation efforts.
• Develop and maintain automated security tests within CI/CD pipelines to catch vulnerabilities early.
• Partner with engineers to integrate security throughout the software development lifecycle—not as an afterthought, but as a core design principle. Provide security guidance, develop secure solutions, and facilitate secure releases.
• Help define and enforce security policies and provide security guidance to development teams.
• Help shape Mozilla's security culture through collaboration, guidance, and education.

Perks and Benefits:

• Generous performance-based bonus plans to all eligible employees - we share in our success as one team.
• Rich medical, dental, and vision coverage.
• Generous retirement contributions with 100% immediate vesting (regardless of whether you contribute).
• Quarterly all-company wellness days where everyone takes a pause together.
• Country-specific holidays plus a day off for your birthday.
• One-time home office stipend.
• Annual professional development budget.
• Quarterly well-being stipend.
• Considerable paid parental leave.
• Employee referral bonus program.
• Other benefits (life/AD&D, disability, EAP, etc. - varies by country).